A. Michael Froomkin

Document information and copyright notice

[Page n] references relate to the pagination of the printed version.



Without the ability to keep secrets, individuals lose the capacity to distinguish themselves from others, to maintain independent lives, to be complete and autonomous persons. . . . This does not mean that a person actually has to keep secrets to be autonomous, just that she must possess the ability to do so. The ability to keep secrets implies the ability to disclose secrets selectively, and so the capacity for selective disclosure at one's own discretion is important to individual autonomy as well.{1}

Secrecy is a form of power.{2} The ability to protect a secret, to preserve one's privacy, is a form of power.{3} The ability to penetrate secrets, to learn them, to use them, is also a form of power. Secrecy empowers, secrecy protects, secrecy hurts. The ability to learn a person's secrets without her knowledge--to pierce a person's privacy in secret--is a greater power still.

People keep secrets for good reasons and for evil ones. Learning either type of secret gives an intruder power over another. Depending on the people compromised and the secrets learned, this power may be deployed for good (preventing a planned harm) or ill (blackmail, intimidation).

This Article is about the clash between two types of power: the individual's power to keep a secret from the state and others, and the state's power to penetrate that secret.{4} It focuses on new [Page 713] conflicts between the perennial desire of law enforcement and intelligence agencies to have the capability to penetrate secrets at will, and private citizens who are acquiring the ability to frustrate these desires. This is an article about the Constitution and the arcana of secret-keeping: cryptography.{5}

This is also a long article. It is long because it addresses three complex issues. First, it outlines some of the promises and dangers of encryption. Second, it analyzes the constitutional implications of a major government proposal premised on the theory that it is reasonable for the government to request (and perhaps some day to require) private persons to communicate in a manner that makes governmental interception practical and preferably easy. Third, it speculates as to how the legal vacuum regarding encryption in cyberspace shortly will be, or should be, filled.

What fills that vacuum will have important consequences. The resolution of the law's encounter with cryptography has implications far beyond whether the government adopts the Clipper Chip or whether a particular cipher may be licensed for export. The resolution of this debate will shape the legal regulation of cyberspace and in so doing shape its social structures and social ethics.

Cryptologists{6} use a few terms that may not be familiar to lawyers, and it is useful to define them at the outset of any discussion relating to encryption. Cryptography is the art of creating and using methods of disguising messages, using codes, ciphers, and other methods, so that only certain people can see the real message. Codes and ciphers are not the same. A code is a system of communication that relies on a pre-arranged mapping of meanings such as those found in a code book. A cipher is a method of encrypting any text regardless of its content.{7} Paul Revere's "[o]ne, if by land, and two, if by sea" was a code.{8} If the British had landed by parachute, [Page 714] no quantity of lanterns would have sufficed to communicate the message. The modern cryptographic systems discussed in this Article are all ciphers, although some are also known as electronic code books.

Those who are supposed to be able to read the message disguised by the code or cipher are called recipients. "The original message is called a plaintext. The disguised message is called a ciphertext. Encryption means any procedure to convert plaintext into ciphertext. Decryption means any procedure to convert ciphertext into plaintext."{9} An algorithm is a more formal name for a cipher. An algorithm is a mathematical function used to encrypt and decrypt a message. Modern algorithms use a key to encrypt and decrypt messages.{10} A single-key system is one in which both sender and receiver use the same key to encrypt and decrypt messages. Until recently, all ciphers were single-key systems. One of the most important advances in cryptography is the recent invention of public-key systems, which are algorithms that encrypt messages with a key that permits decryption only by a different key.{11} The legal and social implications of this discovery figure prominently in this Article.

Cryptanalysis is the art of breaking the methods of disguise invented with cryptography. Lawyers will recognize the cryptographers' terms for cryptanalysts who seek to read messages intended only for recipients: enemies, opponents, interlopers, eavesdroppers, and third parties.{12} In this Article, however, cryptanalysts who work for U.S. law enforcement or intelligence organizations such as the FBI or the National Security Agency (NSA) will be called public servants. Key escrow refers to the practice of duplicating and holding the key to a cipher--or the means of recreating or accessing the key to a cipher--so that some third party (the escrow agent) can decrypt messages using that cipher. As used in the Clipper Chip debates, the term "escrow" is something of a misnomer because the escrow is [Page 715] primarily for the benefit of the government rather than the owner of the key.

Part I of this Article describes advances in encryption technology that are increasing personal privacy, particularly electronic privacy, but reducing the U.S. government's ability to wiretap telephones, read e-mail surreptitiously, and decrypt computer disks and other encrypted information. To ensure the continuation of the wiretapping and electronic espionage capabilities that it has enjoyed since soon after the invention of the telegraph and the telephone,{13} the government has devised an Escrowed Encryption Standard (EES),{14} to be implemented in the Clipper Chip{15} and other similar devices.{16} In Clipper and related products the government [Page 716] proposes a simple bargain: In exchange for providing the private sector with an encryption technology certified as unbreakable for years to come by the NSA,{17} the government plans to keep a copy of the keys{18}--the codes belonging to each chip--which, the government hopes, will allow it to retain the ability to intercept messages sent by the chip's user. The government's proposal includes procedures designed to reduce the risk that the keys would be released to law enforcement agencies without legally sufficient justification, although the likely effectiveness of these procedures is debatable. Most U.S. residents remain free, however, to reject the government's offer, use alternatives to Clipper (so long as the software or hardware remains in the U.S.),{19} and withhold their keys from the government.{20} With ever more secure methods of [Page 717] encryption becoming easier to use, U.S. residents can protect their electronic communications and records so well that they are able to frustrate interception attempts by even the most sophisticated government agencies.{21}

Part II examines the legal justifications and constitutional implications of the EES proposal. It argues that the EES proposal violates the spirit, although not the letter, of the Administrative Procedures Act and represents an abuse of the technical standard-setting process. The involvement of the NSA may violate the Computer Security Act, but the absence of public information as to its role makes a firm judgment impossible. Part II also discusses Clipper's inherent policy and technical weaknesses and the inconsistencies between the Administration's policy objectives--to the extent they are unclassified--and the Clipper proposal itself. It concludes, however, that a purely voluntary Clipper program violates no statutory or constitutional provisions, and that even if it does, there is no one with standing to challenge such a violation. Part II also concludes that an optional Clipper will probably make only a modest contribution to the government's stated goal of maintaining its wiretap and electronic espionage capability.

Thus, Part III considers the constitutional implications of the more radical proposal that some commentators find implicit in the policies animating Clipper: requiring all users of strong encryption to register their ciphers' keys with the government. After a whirlwind survey of evolving conceptions of the constitutional right to privacy as well as more settled First, Fourth, and Fifth Amendment doctrines, Part III concludes that although mandatory key escrow would infringe personal privacy, reduce associational [Page 718] freedoms, potentially chill speech, constitute a potentially unreasonable search, and might even require a form of self-incrimination, the constitutionality of mandatory key escrow legislation remains a distressingly close question under existing doctrines.

Part IV addresses the cryptography controversy as an example of the law's occasionally awkward response to a new technology. The courts, and to a lesser extent the legislative and executive branches, have yet to come to grips with many cryptographic conundrums. As a result, this part of the legal "landscape" remains relatively barren. As more and more settlers arrive in cyberspace, the nature of this new landscape will depend critically on the legal metaphors that the colonists choose to bring with them.

Finally, the Technical Appendix discusses modern cryptographic systems, including the widely-used Data Encryption Standard (DES), and how they can (at least theoretically) be broken by attackers armed with large numbers of relatively modest computers. It also provides an introduction to public-key cryptosystems and to digital signatures, which could represent the most important commercial application of modern cryptographic techniques.
